Azure Workbook: This will show Public IP Address that you have
This Azure Monitor Workbook can help identify by using KQL (Kusto Query Language) data from AzureActivity and Azure Resource Graph (ARG) which IP addresses are configured and when.
Tip you can also use the queries to form an Alert in Azure Monitor or Azure Sentinel to detect when a IP address is made public.
Demo: Demo Gif file
Installation instructions: https://github.com/CliveW-MSFT/KQLpublic/blob/master/README.md
Download: https://github.com/CliveW-MSFT/KQLpublic/blob/master/KQL/Workbooks/PublicIP/PublicIP%20v0.1.workbook
Overview
Use this Workbook to compare any Public IP address (PIP) in Azure Montor Logs and Azure Resource Graph (ARG). ARG may have more data that is useful to compare logged data against.
- e.g. If you create a Resource but never start it, ARG will have data, whereas Log Analytics wont have a log entry.
- Also Log Analytics has data retention, so the data you seek may have been removed if the retention period has passed.
Data Source required:
AzureActivity
| where ResourceProvider == "Microsoft.Network"
